US20090077389A1 - Security features in an electronic device - Google Patents
Security features in an electronic device Download PDFInfo
- Publication number
- US20090077389A1 US20090077389A1 US11/856,363 US85636307A US2009077389A1 US 20090077389 A1 US20090077389 A1 US 20090077389A1 US 85636307 A US85636307 A US 85636307A US 2009077389 A1 US2009077389 A1 US 2009077389A1
- Authority
- US
- United States
- Prior art keywords
- value
- root key
- data
- electronic device
- test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012360 testing method Methods 0.000 claims abstract description 58
- 230000015654 memory Effects 0.000 claims abstract description 33
- 238000000034 method Methods 0.000 claims abstract description 22
- 238000013500 data storage Methods 0.000 claims description 14
- 239000007787 solid Substances 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000015556 catabolic process Effects 0.000 description 2
- 238000006731 degradation reaction Methods 0.000 description 2
- 230000003139 buffering effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Definitions
- the present aspects relate generally to control of access to circuitry and/or information in electronic devices. More particularly, the present aspects relate to security features in electronic devices.
- Electronic devices such as disc drives and solid state data storage devices, contain information that must be protected from unauthorized external observation and control.
- schemes for prevention of unauthorized access to information in such electronic devices are primarily implemented in the host computer, with the electronic device having little or no control over the operation of these schemes. Lack of control over such schemes within the device is problematic in different situations. For example, if the device is removed from the original host computer, confidential user data is no longer protected. In general, there is a need for better security in electronic devices.
- a method of establishing security in an electronic device includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device.
- the method also includes isolating firmware in the device from access to the root key value.
- the root key value is used as a root of trust that ensures that each electronic device has its own key.
- the root key is used to encrypt other keys in the device.
- a root key test value which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access.
- An electronic device that includes these security features is also provided.
- FIG. 1 is a simplified block diagram that illustrates an electronic device with security features.
- FIG. 2 is a simplified block diagram of a disc drive data storage device with security features.
- FIG. 3 is a simplified block diagram of a solid state data storage device with security features.
- FIG. 4 is a simplified flowchart.
- Device 100 includes, as its primary components, a utilization circuit 102 , a controller 104 , a control bus 106 , a data bus 108 and a switch 110 .
- Electronic device 100 receives commands and information form external devices via control bus 106 and data bus 108 .
- utilization circuit 102 can be any type of electronic circuit. Specific examples of utilization circuits that include data memories are described further below.
- Controller 104 of device 100 , can include one or more processors (represented as firmware 112 ) that help carry out various functions within the controller 104 .
- controller 104 includes security features that control access to utilization circuit 102 via data bus 108 .
- Security features within controller 104 include a statistically unique root key value 114 , which is stored in a one-time programmable memory 116 of device 100 .
- the root key value 114 is used as a root of trust that ensures that each device has its own key.
- the statically unique root key value can be generated by any suitable random number generation mechanism that is stored within electronic device 100 . Alternatively, the random number generation mechanism can be in a device that is external to the electronic device 100 .
- controller 104 also includes root key security electronics 118 , which is a component that isolates firmware 112 in device 100 from access to the root key value 114 .
- root key security electronics 118 is a component that isolates firmware 112 in device 100 from access to the root key value 114 .
- any processing of commands that involves exposing of the actual root key value 114 is carried out within root key security electronics 118 , and only status values corresponding to the commands are returned to the firmware 112 .
- root key value 114 is used as a root of trust that ensures that each device has its own key.
- root key value 112 is used to encrypt passwords and others keys within electronic device 100 .
- electronic device 100 requires a valid password before it grants access to utilization circuit 102 through data bus 108 via switch 110 . It should be noted that the valid password stored in device 100 , either within controller 104 or in utilization circuit 102 , is encrypted with root key value 114 . Thus, when an entered password is communicated to controller 104 via control bus 106 , it undergoes root key processing before it is compared with the valid password.
- the root key value 114 is stored in a one-time programmable memory 116 . Over time it is possible that, due to degradation of memory 116 or other events, the root key value 114 may change. To prevent problems from arising as a result of an altered root key value, a root key test value is employed to test the root key value 114 .
- a root key test command that utilizes the root key test value to test the root key value 114 can be automatically executed at predetermined time intervals or in conjunction with other commands. In general, the root key test command can be executed at any suitable time. Details regarding the root key test value and other security features are described below in connection with FIGS. 2 and 3 , which are specific examples of electronic device 100 .
- FIG. 2 is a simplified block diagram of system that includes a disc drive 200 , which is specific example of an electronic device that employs security features in accordance with the present aspects.
- a host computer 202 provides top level control of a disc drive controller 204 , which in turn controls the operation of the disc drive 200 in accordance with programming and information stored in, for example, internal memory 205 and external memories such as dynamic random access memory (DRAM) 206 and non-volatile flash memory 208 .
- DRAM dynamic random access memory
- non-volatile flash memory 208 non-volatile flash memory
- disc drive controller 204 has security features that are similar to those included in controller 104 of FIG. 1 .
- firmware 206 is connected to root key block 209 in which root key value 210 , which is stored in one time programmable memory 212 , is isolated form firmware 206 by root key security electronics 214 .
- an encryption block 216 is included in controller 204 in which encryption of data is carried out with the help of one or more encryption keys, which are included in keys block 218 .
- keys which may be stored in blocks 206 , 208 and/or disc(s) 230 are encrypted with root key value 210 .
- Encryption processing for keys in blocks 206 , 208 and/or 230 is carried out by root key security electronics 214 .
- General encryption-related functions such as enabling/disabling of encryption, setting up of parameters for encryption such as block sizes and other options are carried out in encryption block 216 under the control of firmware 206 . It should be noted that the configuration shown in FIG. 2 for encryption processing is only an example and numerous other configurations, which utilize security features in accordance with the present aspects, are possible.
- Data to be stored by the disc drive 200 are transferred from the host computer 202 to interface circuit 220 and then via buffer manager 222 that includes a data buffer for temporarily buffering the data prior to its encryption, which, as noted above, takes place in encryption block 216 under the control of microprocessor 206 .
- a sequencer (not shown) directs the operation of a read/write channel 224 and a preamp/driver circuit 226 during data transfer operations.
- a spindle circuit 228 is provided to control the rotation of one or more data storage discs 230 by spindle motor 232 .
- a servo circuit 234 is provided to control the position of one or more recording heads 236 relative to the disc(s) 230 as part of a servo loop established by the head 236 , the preamp/driver 226 , the servo circuit 234 and coil 238 that controls the position of an actuator arm.
- the servo circuit 234 includes a digital signal processor (DSP) which is programmed to carry out two main types of servo operation: seeking and track following.
- DSP digital signal processor
- data storage discs 230 which are controlled by spindle circuitry ( 226 and 230 ), constitute a utilization circuit (such as 102 shown in FIG. 1 ).
- access to the utilization circuit, via interface 220 is controlled by using password protection.
- passwords are encrypted with root key value 210 .
- encryption in disc drive 200 is carried out with the help of root key value 210 .
- a root key test value is utilized to test the root key value.
- encryption key test values are utilized to test encryption keys. Table 1 and Table 2 below show a root key test value and an encryption key test value, respectively.
- Root Key Test Value This is a test value for the root key value. It is a 128-bit predetermined fixed pattern. Re-purpose This value is incremented each time that the drive is re- Number purposed. This is used in conjunction with the loading of keys to ensure that the key that is loaded is has not been erased. Fixed Wrap This a single bit that indicates whether a fixed wrap Key indicator key has been utilized
- Fields Field Name Description Test Value This field is the value that is used to test the load key (encryption key or any other key). It is a 64-bit predetermined fixed pattern.
- Re-purpose This is the re-purpose number that was active when Number this key was created, if this number does not match the number from the root key test value, then this key was not created since the last re-purpose operation.
- Extra bits Used for padding out to a size that is a multiple of a block size used by an encryption algorithm. The extra bits are randomly generated.
- the root key test value shown in Table 1 is encrypted with the root key and stored in an encrypted form in the disc drive.
- One possible storage location for the encrypted root key test value is on disc 230 .
- the encrypted root key test value is denoted by reference numeral 231 and encryption keys are denoted by reference numeral 233 .
- executing a root key test command to test the stored root key value involves decrypting the root key test value with the root key value. Upon decryption, if the Test Value bits, correspond to the predetermined pattern, the stored root key value is accurate. If a different pattern is obtained, the stored root key has changed.
- Test Value bits (described in Table 2) are compared with the predetermined pattern. It should be noted that these are highly specific examples for testing a stored root key and a stored encryption key and, in general, any test value fields of any suitable length may be used.
- the root key test value also includes a 16-bit re-purpose number.
- the re-purpose number is incremented.
- the encryption key test value also includes a 16-bit re-purpose number, which is a copy of the re-purpose number in the root key test value. In essence, if the re-purpose number in the encryption key test value does not match the re-purpose number of the root key test value, the encryption key will not be loaded and is not usable.
- a security attack that incrementing of the re-purpose number prevents is when a user (person A) has re-purposed a drive and a buyer of the drive (person B) tries to load the old encryption key (from person A) to decrypt the contents on the drive. Since the re-purpose number does not match, the hardware (firmware/root key) will not allow the old encryption key to be loaded and person B cannot decrypt the contents of the drive.
- the re-purpose number in the root key test value will only increment and will disable the security of the drive when it reaches a predetermined maximum value (FFFF, for example). This is implemented so that an attacker cannot continue to re-purpose the drive until the re-purpose number rolls over and matches the re-purpose number of the original user (person A). It should be noted that, instead of a 16-bit re-purpose number, the re-purpose number can include any suitable number of bits.
- Encryption algorithms typically operate on data blocks of a predetermined size (for example, 128-bit blocks). For each data block, the data is either encrypted (plaintext to ciphertext) or decrypted (ciphertext to plaintext).
- One type of encryption involves encrypting each data block separately and independently without any links between the separate data blocks.
- Another type of encryption includes links between different encrypted data blocks.
- Cipher block chaining (CBC) is one type of encryption technique that, in general, links different encrypted data blocks.
- CBC Cipher block chaining
- the ciphertext that is produced by encrypting a block is XORed with the plaintext that is in the next block to be encrypted. Since the first block to be encrypted does not follow any previous encryption operation, there is no previous ciphertext to XOR with the first plaintext block.
- a special initialization vector (IV) is used for the XOR operation.
- the IV value is a value derived from the address for the data block that is being encrypted or decrypted.
- the derived IV is mixed with a CBC re-purpose value, which is random value generated by firmware, to change the encrypted data block based on the CBC re-purpose value.
- the CBC re-purpose value is 64 bits in length.
- An example encryption block modified by a CBC re-purpose value is denoted by reference numeral 235 .
- a user will continue to use the drive and then will perform a re-purpose operation (to erase the drive) before discarding the drive (in this case by selling it).
- the new user can read the previous data (encrypted with the new key) and then decrypt the data externally to obtain the precious owner's encrypted data. It is now possible to perform a brute force attack on the previous owner's data (this is trial decryption with all possible keys).
- the CBC re-purpose value makes the brute force attack substantially more complex.
- the firmware will generate a new CBC re-purpose value that is randomly generated and therefore does not correspond with the re-purpose value that is a part of the root key value. It is possible for the firmware to have a single CBC re-purpose value for the entire drive or for it to have a different CBC re-purpose value for each key (a user can have multiple keys in use on a single drive).
- device-related commands and keys can be escrowed (saved external to the device).
- a user can establish a fixed wrap key. Once established, the fixed wrap key is utilized by the electronic device to encrypt commands and keys that are communicated between the electronic device and an external device that is operably coupled to the electronic device.
- a fixed wrap key indicator (included in Table 1 above as part of the root key test value) is a single bit that indicates whether a fixed wrap key has been utilized.
- the one-time programmable memory is examined to determine whether it has been programmed with a root key value. If no root key has been programmed, access to the utilization circuit of the electronic device is eliminated. If a root key value is present, normal processing continues.
- FIG. 3 is a simplified block diagram of a solid state data storage device 300 with security features.
- device 300 includes multiple groups of flash memory chips (such as 302 and 304 ), with each group including a separate flash memory controller 306 , 308 .
- the flash memory is collectively denoted by reference numeral 305 .
- Storage device 300 also includes a device controller 310 that communicates with individual flash memory controllers (such as 306 and 308 ).
- Device controller 310 operates in a manner similar to, and implements security features that are similar to those in, disc drive controller 204 and therefore its internal components are numbered with the same reference numerals used for corresponding components in FIG. 2 . Further, since security-related operations in device 300 are substantially similar to the security-related operations in device 200 , an explanation of these operations has not been repeated.
- a first step of the method involves generating a statistically unique root key value. This is illustrated at step 402 .
- the root key value is stored in a one-time programmable memory of the device.
- Firmware in the device is isolated from access to the root key value.
- step 406 is illustrated at step 406 .
- additional security features that are related to the root key value are established.
- the additional security features include a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number. All these features were described earlier in connection with FIGS. 1 through 3 .
- at least one cipher block chaining re-purpose value which is utilized to modify encrypted data stored in the data memory, is established. This is illustrated at step 410 .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Storage Device Security (AREA)
Abstract
Description
- The present aspects relate generally to control of access to circuitry and/or information in electronic devices. More particularly, the present aspects relate to security features in electronic devices.
- Electronic devices, such as disc drives and solid state data storage devices, contain information that must be protected from unauthorized external observation and control. However, in many cases, schemes for prevention of unauthorized access to information in such electronic devices are primarily implemented in the host computer, with the electronic device having little or no control over the operation of these schemes. Lack of control over such schemes within the device is problematic in different situations. For example, if the device is removed from the original host computer, confidential user data is no longer protected. In general, there is a need for better security in electronic devices.
- Aspects of the present disclosure provide solutions to these and/or other problems, and offer other advantages over the prior art.
- A method of establishing security in an electronic device is provided. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided.
- These and other features and benefits that characterize aspects of the present disclosure will be apparent upon reading the following detailed description and review of the associated drawings.
-
FIG. 1 is a simplified block diagram that illustrates an electronic device with security features. -
FIG. 2 is a simplified block diagram of a disc drive data storage device with security features. -
FIG. 3 is a simplified block diagram of a solid state data storage device with security features. -
FIG. 4 is a simplified flowchart. - Referring now to
FIG. 1 , a simplified block diagram of anelectronic device 100, which includes security features in accordance with the present aspects, is shown.Device 100 includes, as its primary components, autilization circuit 102, acontroller 104, acontrol bus 106, adata bus 108 and aswitch 110.Electronic device 100 receives commands and information form external devices viacontrol bus 106 anddata bus 108. In general,utilization circuit 102 can be any type of electronic circuit. Specific examples of utilization circuits that include data memories are described further below. -
Controller 104, ofdevice 100, can include one or more processors (represented as firmware 112) that help carry out various functions within thecontroller 104. In accordance with the present aspects,controller 104 includes security features that control access toutilization circuit 102 viadata bus 108. Security features withincontroller 104 include a statistically uniqueroot key value 114, which is stored in a one-timeprogrammable memory 116 ofdevice 100. Theroot key value 114 is used as a root of trust that ensures that each device has its own key. The statically unique root key value can be generated by any suitable random number generation mechanism that is stored withinelectronic device 100. Alternatively, the random number generation mechanism can be in a device that is external to theelectronic device 100. Here, the generation of theroot key value 114 is carried out externally, and the value obtained is stored in one-timeprogrammable memory 116. It should be noted that, even if theroot key value 114 is generated external todevice 100, once the value is stored in one-timeprogrammable memory 116, it is not usually preserved anywhere outsidedevice 100. The random number generation mechanism can include hardware and/or software. As can be seen inFIG. 1 ,controller 104 also includes rootkey security electronics 118, which is a component that isolatesfirmware 112 indevice 100 from access to theroot key value 114. In general, any processing of commands that involves exposing of the actualroot key value 114 is carried out within rootkey security electronics 118, and only status values corresponding to the commands are returned to thefirmware 112. - As noted above,
root key value 114 is used as a root of trust that ensures that each device has its own key. In general,root key value 112 is used to encrypt passwords and others keys withinelectronic device 100. In an example aspect,electronic device 100 requires a valid password before it grants access toutilization circuit 102 throughdata bus 108 viaswitch 110. It should be noted that the valid password stored indevice 100, either withincontroller 104 or inutilization circuit 102, is encrypted withroot key value 114. Thus, when an entered password is communicated to controller 104 viacontrol bus 106, it undergoes root key processing before it is compared with the valid password. Only if the entered password, upon encryption with theroot key value 114, matches the valid password,switch 110 is closed and access is allowed to utilization circuit viadata bus 108. During the password validation process, theroot key value 114 is isolated from thefirmware 112 by rootkey security electronics 118. - As noted earlier, the
root key value 114 is stored in a one-timeprogrammable memory 116. Over time it is possible that, due to degradation ofmemory 116 or other events, theroot key value 114 may change. To prevent problems from arising as a result of an altered root key value, a root key test value is employed to test theroot key value 114. A root key test command that utilizes the root key test value to test theroot key value 114 can be automatically executed at predetermined time intervals or in conjunction with other commands. In general, the root key test command can be executed at any suitable time. Details regarding the root key test value and other security features are described below in connection withFIGS. 2 and 3 , which are specific examples ofelectronic device 100. -
FIG. 2 is a simplified block diagram of system that includes adisc drive 200, which is specific example of an electronic device that employs security features in accordance with the present aspects. Ahost computer 202 provides top level control of adisc drive controller 204, which in turn controls the operation of thedisc drive 200 in accordance with programming and information stored in, for example,internal memory 205 and external memories such as dynamic random access memory (DRAM) 206 andnon-volatile flash memory 208. - As can be seen in
FIG. 2 ,disc drive controller 204 has security features that are similar to those included incontroller 104 ofFIG. 1 . Specifically, inFIG. 2 ,firmware 206 is connected toroot key block 209 in whichroot key value 210, which is stored in one timeprogrammable memory 212, is isolatedform firmware 206 by rootkey security electronics 214. Also included incontroller 204 is anencryption block 216 in which encryption of data is carried out with the help of one or more encryption keys, which are included inkeys block 218. Further, keys which may be stored inblocks root key value 210. Encryption processing for keys inblocks key security electronics 214. General encryption-related functions such as enabling/disabling of encryption, setting up of parameters for encryption such as block sizes and other options are carried out inencryption block 216 under the control offirmware 206. It should be noted that the configuration shown inFIG. 2 for encryption processing is only an example and numerous other configurations, which utilize security features in accordance with the present aspects, are possible. - Data to be stored by the
disc drive 200 are transferred from thehost computer 202 tointerface circuit 220 and then viabuffer manager 222 that includes a data buffer for temporarily buffering the data prior to its encryption, which, as noted above, takes place inencryption block 216 under the control ofmicroprocessor 206. A sequencer (not shown) directs the operation of a read/writechannel 224 and a preamp/driver circuit 226 during data transfer operations. Aspindle circuit 228 is provided to control the rotation of one or more data storage discs 230 by spindle motor 232. - A
servo circuit 234 is provided to control the position of one or more recording heads 236 relative to the disc(s) 230 as part of a servo loop established by thehead 236, the preamp/driver 226, theservo circuit 234 andcoil 238 that controls the position of an actuator arm. Theservo circuit 234 includes a digital signal processor (DSP) which is programmed to carry out two main types of servo operation: seeking and track following. - In
FIG. 2 , data storage discs 230, which are controlled by spindle circuitry (226 and 230), constitute a utilization circuit (such as 102 shown inFIG. 1 ). In an example aspect, access to the utilization circuit, viainterface 220, is controlled by using password protection. In this example aspect, as in the case of the electronic device ofFIG. 1 , passwords are encrypted with rootkey value 210. Further, as noted above, encryption indisc drive 200 is carried out with the help of rootkey value 210. - As noted earlier, a root key test value is utilized to test the root key value. Further, encryption key test values are utilized to test encryption keys. Table 1 and Table 2 below show a root key test value and an encryption key test value, respectively.
-
TABLE 1 Root Key Test Value Fields Field Name Description Test Value This is a test value for the root key value. It is a 128-bit predetermined fixed pattern. Re-purpose This value is incremented each time that the drive is re- Number purposed. This is used in conjunction with the loading of keys to ensure that the key that is loaded is has not been erased. Fixed Wrap This a single bit that indicates whether a fixed wrap Key indicator key has been utilized -
TABLE 2 Encryption Key Test Value Fields Field Name Description Test Value This field is the value that is used to test the load key (encryption key or any other key). It is a 64-bit predetermined fixed pattern. Re-purpose This is the re-purpose number that was active when Number this key was created, if this number does not match the number from the root key test value, then this key was not created since the last re-purpose operation. Extra bits Used for padding out to a size that is a multiple of a block size used by an encryption algorithm. The extra bits are randomly generated. - It should be noted that the root key test value shown in Table 1 is encrypted with the root key and stored in an encrypted form in the disc drive. One possible storage location for the encrypted root key test value is on disc 230. In
FIG. 2 , the encrypted root key test value is denoted byreference numeral 231 and encryption keys are denoted byreference numeral 233. In one aspect, executing a root key test command to test the stored root key value involves decrypting the root key test value with the root key value. Upon decryption, if the Test Value bits, correspond to the predetermined pattern, the stored root key value is accurate. If a different pattern is obtained, the stored root key has changed. To test a stored encryption key, as decryption process, first with the root key and then with the encryption key, is carried out and Test Value bits (described in Table 2) are compared with the predetermined pattern. It should be noted that these are highly specific examples for testing a stored root key and a stored encryption key and, in general, any test value fields of any suitable length may be used. - As noted in Table 1 above, the root key test value also includes a 16-bit re-purpose number. In accordance with the present aspects, each time a user re-purposes the drive (effectively erase it), the re-purpose number is incremented.
- Also, as shown in Table 2 above, the encryption key test value also includes a 16-bit re-purpose number, which is a copy of the re-purpose number in the root key test value. In essence, if the re-purpose number in the encryption key test value does not match the re-purpose number of the root key test value, the encryption key will not be loaded and is not usable.
- A security attack that incrementing of the re-purpose number prevents is when a user (person A) has re-purposed a drive and a buyer of the drive (person B) tries to load the old encryption key (from person A) to decrypt the contents on the drive. Since the re-purpose number does not match, the hardware (firmware/root key) will not allow the old encryption key to be loaded and person B cannot decrypt the contents of the drive.
- In addition, the re-purpose number in the root key test value will only increment and will disable the security of the drive when it reaches a predetermined maximum value (FFFF, for example). This is implemented so that an attacker cannot continue to re-purpose the drive until the re-purpose number rolls over and matches the re-purpose number of the original user (person A). It should be noted that, instead of a 16-bit re-purpose number, the re-purpose number can include any suitable number of bits.
- Encryption algorithms typically operate on data blocks of a predetermined size (for example, 128-bit blocks). For each data block, the data is either encrypted (plaintext to ciphertext) or decrypted (ciphertext to plaintext). One type of encryption involves encrypting each data block separately and independently without any links between the separate data blocks. Another type of encryption includes links between different encrypted data blocks. Cipher block chaining (CBC) is one type of encryption technique that, in general, links different encrypted data blocks. When an encryption algorithm is operating in CBC mode, the ciphertext that is produced by encrypting a block is XORed with the plaintext that is in the next block to be encrypted. Since the first block to be encrypted does not follow any previous encryption operation, there is no previous ciphertext to XOR with the first plaintext block. For the first block, a special initialization vector (IV) is used for the XOR operation.
- In one aspect, the IV value is a value derived from the address for the data block that is being encrypted or decrypted. In a specific aspect, the derived IV is mixed with a CBC re-purpose value, which is random value generated by firmware, to change the encrypted data block based on the CBC re-purpose value. In an example aspect, the CBC re-purpose value is 64 bits in length. An example encryption block modified by a CBC re-purpose value is denoted by
reference numeral 235. By adding the CBC re-purpose value, it makes it substantially harder for an attacker to brute force decode a previous owner's data. - For normal operations, a user will continue to use the drive and then will perform a re-purpose operation (to erase the drive) before discarding the drive (in this case by selling it). The new user can read the previous data (encrypted with the new key) and then decrypt the data externally to obtain the precious owner's encrypted data. It is now possible to perform a brute force attack on the previous owner's data (this is trial decryption with all possible keys). The CBC re-purpose value makes the brute force attack substantially more complex.
- As noted above, the firmware will generate a new CBC re-purpose value that is randomly generated and therefore does not correspond with the re-purpose value that is a part of the root key value. It is possible for the firmware to have a single CBC re-purpose value for the entire drive or for it to have a different CBC re-purpose value for each key (a user can have multiple keys in use on a single drive).
- In some aspects, device-related commands and keys can be escrowed (saved external to the device). To prevent such commands and keys from being disclosed to the firmware in the “clear,” a user can establish a fixed wrap key. Once established, the fixed wrap key is utilized by the electronic device to encrypt commands and keys that are communicated between the electronic device and an external device that is operably coupled to the electronic device. As noted above, a fixed wrap key indicator (included in Table 1 above as part of the root key test value) is a single bit that indicates whether a fixed wrap key has been utilized.
- As noted earlier, over time it is possible that, due to degradation of the one-time programmable memory or other events, the root key value may change and therefore, to prevent problems from arising as a result of an altered root key value, a root key test value is employed to test the root key value. It is also possible that the one-time programmable memory was never programmed with a root key value. Thus, in one aspect, the one-time programmable memory is examined to determine whether it has been programmed with a root key value. If no root key has been programmed, access to the utilization circuit of the electronic device is eliminated. If a root key value is present, normal processing continues.
-
FIG. 3 is a simplified block diagram of a solid statedata storage device 300 with security features. In contrast with disc drive data storage device 200 (of FIG. 2), which employs data storage media that rotate,device 300 has no moving parts. As can be seen inFIG. 3 ,device 300 includes multiple groups of flash memory chips (such as 302 and 304), with each group including a separateflash memory controller FIG. 3 , the flash memory is collectively denoted byreference numeral 305.Storage device 300 also includes adevice controller 310 that communicates with individual flash memory controllers (such as 306 and 308).Device controller 310 operates in a manner similar to, and implements security features that are similar to those in,disc drive controller 204 and therefore its internal components are numbered with the same reference numerals used for corresponding components inFIG. 2 . Further, since security-related operations indevice 300 are substantially similar to the security-related operations indevice 200, an explanation of these operations has not been repeated. - In conclusion, referring now to
FIG. 4 , aflowchart 400 of a method of establishing security in an electronic device is shown. A first step of the method involves generating a statistically unique root key value. This is illustrated atstep 402. Atstep 404, the root key value is stored in a one-time programmable memory of the device. Firmware in the device is isolated from access to the root key value. This is illustrated atstep 406. Atstep 408, additional security features that are related to the root key value are established. The additional security features include a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number. All these features were described earlier in connection withFIGS. 1 through 3 . Also, as noted earlier, at least one cipher block chaining re-purpose value, which is utilized to modify encrypted data stored in the data memory, is established. This is illustrated atstep 410. - It is to be understood that even though numerous characteristics and advantages of various aspects of the disclosure have been set forth in the foregoing description, together with details of the structure and function of various aspects of the disclosure, this disclosure is illustrative only, and changes may be made in detail, especially in matters of structure and arrangement of parts within the principles of the present disclosure to the full extent indicated by the broad general meaning of the terms in which the appended claims are expressed. For example, the particular elements may vary depending on the particular application for the electronic device while maintaining substantially the same functionality without departing from the scope and spirit of the present disclosure. In addition, although the preferred aspects described herein are directed to security features for a data storage device, it will be appreciated by those skilled in the art that the teachings of the present disclosure can be applied to any electronic device, without departing from the scope and spirit of the present disclosure.
Claims (20)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/856,363 US8190920B2 (en) | 2007-09-17 | 2007-09-17 | Security features in an electronic device |
JP2008237829A JP5532198B2 (en) | 2007-09-17 | 2008-09-17 | Security features in electronic devices |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/856,363 US8190920B2 (en) | 2007-09-17 | 2007-09-17 | Security features in an electronic device |
Publications (2)
Publication Number | Publication Date |
---|---|
US20090077389A1 true US20090077389A1 (en) | 2009-03-19 |
US8190920B2 US8190920B2 (en) | 2012-05-29 |
Family
ID=40455852
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/856,363 Expired - Fee Related US8190920B2 (en) | 2007-09-17 | 2007-09-17 | Security features in an electronic device |
Country Status (2)
Country | Link |
---|---|
US (1) | US8190920B2 (en) |
JP (1) | JP5532198B2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110035813A1 (en) * | 2009-08-04 | 2011-02-10 | Seagate Technology Llc | Encrypted data storage device |
US20110038123A1 (en) * | 2009-08-17 | 2011-02-17 | Seagate Technology Llc | Solid state data storage assembly |
GB2490875A (en) * | 2011-05-11 | 2012-11-21 | Future Upgrades Ltd | Controlling access to data storage means using a one-time-programmable memory device |
CN111527507A (en) * | 2018-12-03 | 2020-08-11 | 戴斯数字有限责任公司 | Data interaction platform utilizing secure environment |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2506176A1 (en) * | 2011-03-30 | 2012-10-03 | Irdeto Corporate B.V. | Establishing unique key during chip manufacturing |
US9674158B2 (en) * | 2015-07-28 | 2017-06-06 | International Business Machines Corporation | User authentication over networks |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6385727B1 (en) * | 1998-09-25 | 2002-05-07 | Hughes Electronics Corporation | Apparatus for providing a secure processing environment |
US6457126B1 (en) * | 1998-01-21 | 2002-09-24 | Tokyo Electron Device Limited | Storage device, an encrypting/decrypting device and method of accessing a non-volatile memory |
US20030046593A1 (en) * | 2001-08-28 | 2003-03-06 | Xie Wen Xiang | Data storage device security method and apparatus |
US20040010468A1 (en) * | 2001-06-18 | 2004-01-15 | Miki Abe | Data transfer system, data transfer apparatus, data recording apparatus, data transfer method |
US20040117632A1 (en) * | 2002-12-12 | 2004-06-17 | Universal Electronics, Inc. | System and method for limiting access to data |
US20040223610A1 (en) * | 2003-04-18 | 2004-11-11 | Via Technologies Inc. | Apparatus and method for performing transparent cipher block chaining mode cryptographic functions |
US20050071661A1 (en) * | 2003-09-30 | 2005-03-31 | Kabushiki Kaisha Toshiba | Information recording apparatus, information recording method, and digital broadcast receiver |
US20050182934A1 (en) * | 2004-01-28 | 2005-08-18 | Laszlo Elteto | Method and apparatus for providing secure communications between a computer and a smart card chip |
US20060018465A1 (en) * | 2004-07-22 | 2006-01-26 | Keiko Saeki | Information-processing system, information-processing apparatus, information-processing method, and program |
US20060107057A1 (en) * | 2001-06-19 | 2006-05-18 | International Business Machines Corporation | Method and apparatus for providing television services using an authenticating television receiver device |
US7123722B2 (en) * | 2000-12-18 | 2006-10-17 | Globalcerts, Lc | Encryption management system and method |
US20070061571A1 (en) * | 2005-09-09 | 2007-03-15 | Hammes Peter S | System and method for managing security testing |
US20070083704A1 (en) * | 2005-09-29 | 2007-04-12 | Hitachi Global Storage Technologies Netherlands B.V. | Hard disk drive with certification function |
US20070110236A1 (en) * | 2004-10-29 | 2007-05-17 | Pioneer Corporation | Encryption/recording device and method |
US7228568B2 (en) * | 2001-04-17 | 2007-06-05 | Sony Corporation | Data recording apparatus, data recording method, and data transfer system |
US7257707B2 (en) * | 2001-11-16 | 2007-08-14 | Microsoft Corporation | Manifest-based trusted agent management in a trusted operating system environment |
US20070192630A1 (en) * | 2005-01-24 | 2007-08-16 | Crane Stephen J | Method and apparatus for securing the privacy of sensitive information in a data-handling system |
US7269257B2 (en) * | 2000-06-15 | 2007-09-11 | Sony Corporation | System and method for processing information using encryption key block |
US7350238B2 (en) * | 2001-06-13 | 2008-03-25 | Sony Corporation | Data transfer system, data transfer apparatus, data-recording apparatus, data management method and identifier generation method |
US7412053B1 (en) * | 2002-10-10 | 2008-08-12 | Silicon Image, Inc. | Cryptographic device with stored key data and method for using stored key data to perform an authentication exchange or self test |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3730432B2 (en) * | 1999-03-02 | 2006-01-05 | 東京エレクトロンデバイス株式会社 | Storage system, storage device, and storage data protection method |
JP2001023300A (en) * | 1999-07-09 | 2001-01-26 | Fujitsu Ltd | Storage device, control device and method for accessing to recording medium |
JP2007122294A (en) * | 2005-10-27 | 2007-05-17 | Kyocera Mita Corp | Network print system, and print server and client to be used for the same |
-
2007
- 2007-09-17 US US11/856,363 patent/US8190920B2/en not_active Expired - Fee Related
-
2008
- 2008-09-17 JP JP2008237829A patent/JP5532198B2/en not_active Expired - Fee Related
Patent Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6457126B1 (en) * | 1998-01-21 | 2002-09-24 | Tokyo Electron Device Limited | Storage device, an encrypting/decrypting device and method of accessing a non-volatile memory |
US6385727B1 (en) * | 1998-09-25 | 2002-05-07 | Hughes Electronics Corporation | Apparatus for providing a secure processing environment |
US7269257B2 (en) * | 2000-06-15 | 2007-09-11 | Sony Corporation | System and method for processing information using encryption key block |
US7123722B2 (en) * | 2000-12-18 | 2006-10-17 | Globalcerts, Lc | Encryption management system and method |
US7228568B2 (en) * | 2001-04-17 | 2007-06-05 | Sony Corporation | Data recording apparatus, data recording method, and data transfer system |
US7350238B2 (en) * | 2001-06-13 | 2008-03-25 | Sony Corporation | Data transfer system, data transfer apparatus, data-recording apparatus, data management method and identifier generation method |
US20040010468A1 (en) * | 2001-06-18 | 2004-01-15 | Miki Abe | Data transfer system, data transfer apparatus, data recording apparatus, data transfer method |
US20060107057A1 (en) * | 2001-06-19 | 2006-05-18 | International Business Machines Corporation | Method and apparatus for providing television services using an authenticating television receiver device |
US20030046593A1 (en) * | 2001-08-28 | 2003-03-06 | Xie Wen Xiang | Data storage device security method and apparatus |
US7257707B2 (en) * | 2001-11-16 | 2007-08-14 | Microsoft Corporation | Manifest-based trusted agent management in a trusted operating system environment |
US7412053B1 (en) * | 2002-10-10 | 2008-08-12 | Silicon Image, Inc. | Cryptographic device with stored key data and method for using stored key data to perform an authentication exchange or self test |
US20040117632A1 (en) * | 2002-12-12 | 2004-06-17 | Universal Electronics, Inc. | System and method for limiting access to data |
US20040223610A1 (en) * | 2003-04-18 | 2004-11-11 | Via Technologies Inc. | Apparatus and method for performing transparent cipher block chaining mode cryptographic functions |
US20050071661A1 (en) * | 2003-09-30 | 2005-03-31 | Kabushiki Kaisha Toshiba | Information recording apparatus, information recording method, and digital broadcast receiver |
US20050182934A1 (en) * | 2004-01-28 | 2005-08-18 | Laszlo Elteto | Method and apparatus for providing secure communications between a computer and a smart card chip |
US20060018465A1 (en) * | 2004-07-22 | 2006-01-26 | Keiko Saeki | Information-processing system, information-processing apparatus, information-processing method, and program |
US20070110236A1 (en) * | 2004-10-29 | 2007-05-17 | Pioneer Corporation | Encryption/recording device and method |
US20070192630A1 (en) * | 2005-01-24 | 2007-08-16 | Crane Stephen J | Method and apparatus for securing the privacy of sensitive information in a data-handling system |
US20070061571A1 (en) * | 2005-09-09 | 2007-03-15 | Hammes Peter S | System and method for managing security testing |
US20070083704A1 (en) * | 2005-09-29 | 2007-04-12 | Hitachi Global Storage Technologies Netherlands B.V. | Hard disk drive with certification function |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110035813A1 (en) * | 2009-08-04 | 2011-02-10 | Seagate Technology Llc | Encrypted data storage device |
US9195858B2 (en) | 2009-08-04 | 2015-11-24 | Seagate Technology Llc | Encrypted data storage device |
US20110038123A1 (en) * | 2009-08-17 | 2011-02-17 | Seagate Technology Llc | Solid state data storage assembly |
US8199506B2 (en) | 2009-08-17 | 2012-06-12 | Seagate Technology, Llc | Solid state data storage assembly |
GB2490875A (en) * | 2011-05-11 | 2012-11-21 | Future Upgrades Ltd | Controlling access to data storage means using a one-time-programmable memory device |
CN111527507A (en) * | 2018-12-03 | 2020-08-11 | 戴斯数字有限责任公司 | Data interaction platform utilizing secure environment |
Also Published As
Publication number | Publication date |
---|---|
JP5532198B2 (en) | 2014-06-25 |
US8190920B2 (en) | 2012-05-29 |
JP2009071838A (en) | 2009-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20040172538A1 (en) | Information processing with data storage | |
US9304944B2 (en) | Secure memory access controller | |
US5224166A (en) | System for seamless processing of encrypted and non-encrypted data and instructions | |
US6457126B1 (en) | Storage device, an encrypting/decrypting device and method of accessing a non-volatile memory | |
US7444480B2 (en) | Processor, memory device, computer system, and method for transferring data | |
US20170046281A1 (en) | Address dependent data encryption | |
US20070297606A1 (en) | Multiple key security and method for electronic devices | |
US8751821B2 (en) | Secure read-write storage device | |
US20080189557A1 (en) | Method and architecture for restricting access to a memory device | |
US20060177064A1 (en) | Secure memory card with life cycle phases | |
US7640436B2 (en) | Encryption device and method | |
CA2537299A1 (en) | On-chip storage, creation, and manipulation of an encryption key | |
TWI461951B (en) | Data recording device, and method of processing data recording device | |
JP2010509690A (en) | Method and system for ensuring security of storage device | |
US8190920B2 (en) | Security features in an electronic device | |
US20160248588A1 (en) | Security ram block with multiple partitions | |
JP2001513929A (en) | Electronic data processing devices and systems | |
CN111488630B (en) | Storage device capable of configuring safe storage area and operation method thereof | |
US20060198515A1 (en) | Secure disc drive electronics implementation | |
JP5377799B1 (en) | Programmable logic controller | |
EP0121853A2 (en) | Data processing system having public encryption and private decryption keys | |
US7925013B1 (en) | System for data encryption and decryption of digital data entering and leaving memory | |
US20190140851A1 (en) | Secure logic system with physically unclonable function | |
KR100972540B1 (en) | Secure memory card with life cycle phases | |
US20200356285A1 (en) | Password protected data storage device and control method for non-volatile memory |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SEAGATE TECHNOLOGY, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MATTHEWS, DONALD P., JR.;REEL/FRAME:019835/0694 Effective date: 20070917 |
|
AS | Assignment |
Owner name: SEAGATE TECHNOLOGY LLC, CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE NAME PREVIOUSLY RECORDED ON REEL 019835 FRAME 0694;ASSIGNOR:MATTHEWS, DONALD P., JR;REEL/FRAME:019839/0712 Effective date: 20070917 Owner name: SEAGATE TECHNOLOGY LLC, CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE NAME PREVIOUSLY RECORDED ON REEL 019835 FRAME 0694. ASSIGNOR(S) HEREBY CONFIRMS THE SEAGATE TECHNOLOGY TO SEAGATE TECHNOLOGY LLC;ASSIGNOR:MATTHEWS, DONALD P., JR;REEL/FRAME:019839/0712 Effective date: 20070917 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT Free format text: SECURITY AGREEMENT;ASSIGNORS:MAXTOR CORPORATION;SEAGATE TECHNOLOGY LLC;SEAGATE TECHNOLOGY INTERNATIONAL;REEL/FRAME:022757/0017 Effective date: 20090507 Owner name: WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATE Free format text: SECURITY AGREEMENT;ASSIGNORS:MAXTOR CORPORATION;SEAGATE TECHNOLOGY LLC;SEAGATE TECHNOLOGY INTERNATIONAL;REEL/FRAME:022757/0017 Effective date: 20090507 |
|
AS | Assignment |
Owner name: SEAGATE TECHNOLOGY INTERNATIONAL, CALIFORNIA Free format text: RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:025662/0001 Effective date: 20110114 Owner name: SEAGATE TECHNOLOGY HDD HOLDINGS, CALIFORNIA Free format text: RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:025662/0001 Effective date: 20110114 Owner name: MAXTOR CORPORATION, CALIFORNIA Free format text: RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:025662/0001 Effective date: 20110114 Owner name: SEAGATE TECHNOLOGY LLC, CALIFORNIA Free format text: RELEASE;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:025662/0001 Effective date: 20110114 |
|
AS | Assignment |
Owner name: THE BANK OF NOVA SCOTIA, AS ADMINISTRATIVE AGENT, Free format text: SECURITY AGREEMENT;ASSIGNOR:SEAGATE TECHNOLOGY LLC;REEL/FRAME:026010/0350 Effective date: 20110118 |
|
ZAAA | Notice of allowance and fees due |
Free format text: ORIGINAL CODE: NOA |
|
ZAAB | Notice of allowance mailed |
Free format text: ORIGINAL CODE: MN/=. |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: SEAGATE TECHNOLOGY INTERNATIONAL, CAYMAN ISLANDS Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT AND SECOND PRIORITY REPRESENTATIVE;REEL/FRAME:030833/0001 Effective date: 20130312 Owner name: SEAGATE TECHNOLOGY LLC, CALIFORNIA Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT AND SECOND PRIORITY REPRESENTATIVE;REEL/FRAME:030833/0001 Effective date: 20130312 Owner name: SEAGATE TECHNOLOGY US HOLDINGS, INC., CALIFORNIA Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT AND SECOND PRIORITY REPRESENTATIVE;REEL/FRAME:030833/0001 Effective date: 20130312 Owner name: EVAULT INC. (F/K/A I365 INC.), CALIFORNIA Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:WELLS FARGO BANK, NATIONAL ASSOCIATION, AS COLLATERAL AGENT AND SECOND PRIORITY REPRESENTATIVE;REEL/FRAME:030833/0001 Effective date: 20130312 |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20240529 |